# Fileless Attack Detection Template

## Telemetry Status

| Source | Enabled | Event IDs |
|--------|---------|-----------|
| Sysmon | Yes/No | 1,7,8,10,19,20,21 |
| PowerShell Script Block | Yes/No | 4104 |
| AMSI | Yes/No | 1116 |

## Detection Rules

| Rule Name | Technique | SIEM Query | Status |
|-----------|-----------|-----------|--------|
| | T1059.001 | | Active/Draft |

## Sign-Off

| Role | Name | Date |
|------|------|------|
| Detection Engineer | | |
| SOC Lead | | |